Permission check issue when uploading an image via REST API - e.g. with Xotof app

prace.de

Joined: 2012-06-11
Posts: 1
Posted: Mon, 2012-06-11 21:25

Hi everybody,

I had an issue when uploading images via the Xotof app on Android.

The stack trace was:

Quote:
2012-06-11 20:51:08 +00:00 --- error: Kohana_Exception [ 403 ]: @todo FORBIDDEN
/var/www/vhosts/mydomnain/htdocs/modules/gallery/helpers/access.php [ 202 ]
#0 /var/www/vhosts/mydomnain/htdocs/modules/gallery/helpers/access.php(129): access_Core::forbidden()
#1 /var/www/vhosts/mydomnain/htdocs/modules/gallery/helpers/item_rest.php(153): access_Core::required('edit', Object(Item_Model))
#2 [internal function]: item_rest_Core::post(Object(stdClass))
#3 /var/www/vhosts/mydomnain/htdocs/modules/rest/controllers/rest.php(105): call_user_func(Array, Object(stdClass))
#4 [internal function]: Rest_Controller->__call('item', Array)
#5 /var/www/vhosts/mydomnain/htdocs/system/core/Kohana.php(331): ReflectionMethod->invokeArgs(Object(Rest_Controller), Array)
#6 [internal function]: Kohana_Core::instance(NULL)
#7 /var/www/vhosts/mydomnain/htdocs/system/core/Event.php(208): call_user_func_array(Array, Array)
#8 /var/www/vhosts/mydomnain/htdocs/application/Bootstrap.php(67): Event_Core::run('system.execute')
#9 /var/www/vhosts/mydomnain/htdocs/index.php(113): require('/var/www/vhosts...')
#10 {main}

It is caused by the post() method in modules/gallery/helpers/item_rest.php which checks for the "edit" permission. But I think it must check for the "add" permission, which fixed the issue for me.
My users have the right to add photos to albums, but not to edit them, so I ran into this issue.

Can anyone comment on this issue?

Thanks, bye. Peter

chumpy

Joined: 2012-09-29
Posts: 4
Posted: Wed, 2012-10-31 16:41

Hi,

I confirm Prace's findings: as soon as I give "edit" permission, the uploads from the Xotof mobile application work, and very efficiently at that.

As Prace mentioned, the problem seems to lie within the REST API.
The item_rest.php ( https://github.com/gallery/gallery3/blob/master/modules/gallery/helpers/item_rest.php ) has the following:

class item_rest_Core {
  .....
  static function post($request) {
    $parent = rest::resolve($request->url);
    access::required("edit", $parent);

From my understanding of the permissions and inline with Prace's suggestion, the post function should check for "add" permissions rather than "edit", no?

Changing line 153 of gallery3/modules/gallery/helpers/item_rest.php
from: access::required("edit", $parent);
to: access::required("add", $parent);
solved the issue on my server.

Many thanks for looking into this as it will mean that the mobile applications (xotof, regalandroid, vigallery) can upload to the albums with "add" permissions as intended.

And while I am at it, let me give a big big thanks for Gallery3 - love it and it is by far the best open source photo gallery out there.

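The permission mapping the two posts above describe, as an added example that is not Gallery3's own code: a constructed model of per-album "view"/"edit"/"add" rights with stand-ins for access::required() and the REST post/put handlers (Album, required, post_item, put_item and the group names are all constructed here), showing that gating POST on "edit" rejects an add-only uploader with a 403, while gating it on "add" lets the upload through without granting that user any edit ability.

```python
from dataclasses import dataclass, field
# Constructed model of Gallery3-style per-album permissions (not project code):
# a REST POST creating a child item must be gated on the parent's "add" right.

class Forbidden(Exception):
    """Stands in for access::forbidden(), i.e. an HTTP 403."""

@dataclass
class Album:
    name: str
    perms: dict                      # group -> set of permissions on this album
    children: list = field(default_factory=list)

def required(perm, album, group):
    """Stand-in for access::required(): raise 403 unless group holds perm."""
    if perm not in album.perms.get(group, set()):
        raise Forbidden(f"403: {group!r} lacks {perm!r} on {album.name!r}")

def post_item(parent, group, filename, gate):
    """REST POST: create a child under parent, gated on permission `gate`
    (the thread reports "edit" as the bug and "add" as the fix)."""
    required(gate, parent, group)
    parent.children.append(filename)
    return 201

def put_item(album, group, new_title):
    """REST PUT: modify an existing item; here "edit" is the correct gate."""
    required("edit", album, group)
    album.name = new_title
    return 200

def status(call, *args):
    """Run a handler and return its HTTP status, mapping Forbidden to 403."""
    try:
        return call(*args)
    except Forbidden:
        return 403

def demo():
    # Constructed ACL: ordinary members may view and add, only admins may edit.
    album = Album("holiday", {"registered": {"view", "add"},
                              "admins": {"view", "edit", "add"}})
    return {
        # Buggy gate: an add-only uploader is refused, reproducing the 403.
        "buggy_upload": status(post_item, album, "registered", "img1.jpg", "edit"),
        # Fixed gate: the same uploader may now create the child item ...
        "fixed_upload": status(post_item, album, "registered", "img2.jpg", "add"),
        # ... without gaining any ability to modify the album itself.
        "edit_attempt": status(put_item, album, "registered", "renamed"),
    }
```

The check worth keeping after applying the fix is the last one: loosening the POST gate to "add" must not let an add-only group reach any "edit"-gated handler.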
bharat

Joined: 2002-05-21
Posts: 7985
Posted: Tue, 2012-12-18 21:57

Yep, you guys are right - sorry to take so long to get around to fixing it, I was on an extended vacation.
https://sourceforge.net/apps/trac/gallery/ticket/1929

Fix committed.
---
Problems? Check gallery3/var/logs
file a bug/feature ticket | upgrade to the latest code! | hacking G3? join us on IRC!

chumpy

Joined: 2012-09-29
Posts: 4
Posted: Wed, 2012-12-19 02:22

Cool, thanks
